One of the reference implementations of Hitachi ID Identity Manager and Hitachi ID Password Manager is Identity Express: Partner Portal Edition, designed to delegate the administration of identities and credentials to each partner organization.
Identity Express: Partner Portal Edition only requires two integrations: a managed directory, either Active Directory or LDAP, and an e-mail system, used to communicate with users. Building on these integrations, the reference implementation automates an extensive list of business processes, including:
- Delegated administration:
- Site administrators can create and delete partner organizations and users in those organizations.
- Partner administrators can create and delete users within their own organization.
- Delegated support allows partner administrators to reset passwords and clear lockouts for users in their own organization.
- Visibility control limits the users that any given user can see on the system. Regular users can only access their own profiles, partner administrators can access all users in their own organization and site administrators can access all user profiles.
- Self-service password reset / unlock minimizes the ongoing support burden placed on both site administrators and partner administrators.
- Two factor authentication is used in the login screen, requiring
all users to provide:
- Initially: a browser fingerprint, or a PIN sent to the user's mobile phone or personal e-mail, or use of the Hitachi ID Mobile Access app on the user's phone; then
- Entering the user's directory password or answering security questions.
- Federated access enables partner-facing applications to leverage the aforementioned strong authentication in their own login screens.
- Managed enrollment invites and reminds users to answer security questions, enter their phone number and install the Mobile Access app on their phone.
- Periodic access certification invites site administrators to update the list of partner administrators and partner administrators to correct the list of users in their own organizations.
The objective of the reference implementation is to minimize initial and ongoing configuration of the IAM system -- which lowers cost and reduces time to deploy. At the same time, two-factor authentication, federated access, access certification and password policies strengthen security in the partner portal.
The identity schema and managed entitlements are fully configurable,
via the product administration web UI.